Following a security scare regarding the access that Pokémon Go had to the Google accounts of its users, developer Niantic Labs has published an official response on its website, quelling the fears of trainers everywhere.
As we explained yesterday, logging into Pokémon Go requires players to either use their Google account information or a Pokémon Trainer Club login. Unsurprisingly, most users opted to use their Google accounts, but a quick peek at one’s account permissions reveals that the app has “full access” to your account.
In theory, this could allow the developers to read your email, look at your private photos, delete your documents and much, much more. But as Niantic explains, this was nothing more than an error on their part, and at no point did the app actually have the frightening amount of access that it appeared to have.
Here’s Niantic’s official response to the security concerns:
“We recently discovered that the Pokémon GO account creation process on iOS erroneously requests full access permission for the user’s Google account. However, Pokémon GO only accesses basic Google profile information (specifically, your User ID and email address) and no other Google account information is or has been accessed or collected. Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access. Google has verified that no other information has been received or accessed by Pokémon GO or Niantic. Google will soon reduce Pokémon GO’s permission to only the basic profile data that Pokémon GO needs, and users do not need to take any actions themselves.”
At the moment, Google still says that Pokémon Go has unfettered access to my account, but hopefully the fix from Niantic will roll out soon.
UPDATE: The fixed version was pushed out to users around 2:00pm ET on Tuesday.